skipped identities
Add extra messages to debug reasons for skipping an identity
(not allowed by configuration or not accepted by peer,
if server announce supported algorithms in extension)

skipped identities
Add extra messages to debug reasons for skipping an identity
(not allowed by configuration or not accepted by peer,
if server announce supported algorithms in extension)

work with broken "server-sig-algs" extension
Server extension "server-sig-algs" was not implemented properly in OpenSSH 7.3 and 7.4.
New version detect broken servers and replaces incorrect algorithm announcement with correct list.
For instance OpenSSH 7.3 list only algorithms rsa-sha2-256 and rsa-sha2-512.
As result PKIX-SSH functionality for "adaptive public key algorithm selection"
in connection to OpenSSH 7.3 skips all other identities except those with RSA key.

[RFC6187] keys
Now certificates sent for a identity encoded in [RFC6187] are used in verification process.
This mean that there is no requirement client or server to keep intermediate certificates in X.509 store for [RFC6187] keys.

portability
Functions "llabs" is not defined as library function in Android API before level 21 (v5.0, LOLLIPOP).
It is replaced with local version to ensure binary compatibility with oldest API.

compatibility
Some OpenSSL compatible libraries hide and do not export OpenSSL functions like UTF8_getc and UTF8_putc.
To avoid build issue a local version is bundled. Note that this piece of code is under OpenSSL license.
Also code is fixed to avoid implicit function declarations warnings.

FIPS in identification string
If secsh daemon runs in FIPS mode it will send string "FIPS" in comment field of
protocol identification string when the connection is established.

server extension "publickey-algorithms@roumenpetrov.info"
Added experimental support for extension negotiation mechanism -
client offer support of extension negotiation and server respond
with list of supported public key algorithms within a custom extension
"publickey-algorithms@roumenpetrov.info".
This experimental functionality is basis for future PKIX-SSH versions
to prefer [RFC6187] algorithms instead legacy one like
x509v3-sign-rsa and x509v3-sign-dss.

extension "server-sig-algs"
This extension is considered as limited variant of extension above,
i.e. server supports only public key algorithms for which
name of algorithm match name of signature.
Note this is not the case for [RFC6187] algorithms.
For compatibility reasons PKIX-SSH server
offers "server-sig-algs" extension as well.

new server options AcceptedAlgorithms
This pattern like global only option allows server to limit algorithms
listed in extension "publickey-algorithms@roumenpetrov.info".
By default all supported public key algorithms are announced.
Note that this options adds additional restriction to options
PubkeyAlgorithms and HostbasedAlgorithms that could be set
conditionally per user and etc - see option Match.
Indirectly option limit list send in "server-sig-algs" extension.

new RSA key algorithms
This version supports new public key algorithms: rsa-sha2-256 (default) and rsa-sha2-512.
Client and agent will use them only if server announce them in one of extensions
mentioned above.

adaptive public key algorithm selection
This is experimental technology based on server extension mentioned above.
Adaptive selection is used in public authentication to the servers that
announce supported public-key algorithms.
Client with try to find match between those algorithms and announced by server
taking into account client option PubkeyAlgorithms as well.
For instance let an identity is a X.509 RSA certificate. Such identity could be used in
"x509v3-sign-rsa", "x509v3-ssh-rsa", "rsa-sha2-256" and "rsa-sha2-512" or "ssh-rsa"
public key algorithms.
Let client option PubkeyAlgorithms is default one - '*'.
Let server announce "ssh-rsa" then this algorithm will be used in public key
authentication nevertheless where identity is stored - file system, or secure token
(pkcs#11 module), or provided by ssh agent, or openssl loadable module (engine).
Note if server does not send extensions you could set manually PubkeyAlgorithms
per host to achieve similar functionality.

hostkey update and rotation
Ensure working update and rotation of hostkeys in [RFC6187] formats.
Feature could be requested by client with option UpdateHostKeys.

additional compatibility for [RFC6187]
Added detection for other ssh products that implement EC [RFC6187] keys similar as PKIX-SSH
before to be implemented properly in 10.0.

log launch in FIPS
Now server write message that program is run FIPS mode on standard error instead system log.
Client, agent and key generator output such message as well.
On system with fipscheck, in addition to server and client,
verification is added to agent and key generator programs.
Note that you should move checksum files for system server(sshd) and client(ssh)
from fipscheck directory ( /usr/lib{64,}/fipscheck) to directory of executable
to allow PKIX-SSH and system secure shell to coexist.

OpenSSL versions
No restrictions for OpenSSL version.
PKIX-SSH supports builds with most recent (1.1.+, current) and ancient (0.9.7*) versions of
OpenSSL cryptographic library build in different configurations like FIPS or Kerberos enabled.

prolong UsePrivilegeSeparation options
Use of server options UsePrivilegeSeparation is useful in environments
where server runs in user space.

x509v3-ssh-*algorithms
Support x509v3-ssh-rsa and x509v3-ssh-dss algorithms ([RFC6187])
in addition to x509v3-sign-rsa and x509v3-sign-dss.
Note x509v3-sign-* are still preferred.

demon advertise PKIX-SSH release
Secure shell sever advertise PKIX-SSH release version in connections and logs.
Version number could be used to detect capabilities of secure shell server.

support VPN tunnel for Darwin's utun device

code cleanup
Completely remove possibility to build without X.509 store.
Rewrite many methods to use new library style API and mainly to take
into account public-key algorithm name and compatibilities.